Right, i test on bananapi-r2. 2gb ram with 0x80000000 base-adress Seems you need (unsigned) int64 for calculations
Am 2. Dezember 2018 18:14:19 MEZ schrieb Simon Goldschmidt <[email protected]>: >Am 02.12.2018 um 16:48 schrieb Frank Wunderlich: >> lmb_init: base: 0x80000000, size: 0x80000000 > >Ok, so I don't know your board, is that correct? Do you have 2 GByte >starting at 0x80000000? > >If so, that would result in an overflow to 0 on a 32-bit platform and >would explain why it doesn't work. > >This is a perfect input for a test case :-) > >Thanks, >Simon > >> >> >https://github.com/frank-w/u-boot/commit/e0763252a8e135f00b996fbda7bb1067a192ca53 >> >> Regards Frank >> >>> Gesendet: Sonntag, 02. Dezember 2018 um 10:24 Uhr >>> Von: "Simon Goldschmidt" <[email protected]> >>> An: "Frank Wunderlich" <[email protected]> >>> Cc: [email protected] >>> Betreff: Re: [U-Boot] [PATCH v4 0/7] Fix CVE-2018-18440 and >CVE-2018-18439 >>> >>> Am 01.12.2018 um 12:07 schrieb Frank Wunderlich: >>>> forgot error-message and detailed command: >>>> >>>> fatload ${device} ${partition} ${scriptaddr} >${bpi}/${board}/${service}/${bootenv} >>>> ** Reading file would overwrite reserved memory ** >>>> echo ${device} ${partition} ${scriptaddr} >${bpi}/${board}/${service}/${bootenv} >>>> mmc 1:1 0x83000000 bananapi/bpi-r2/linux/uEnv.txt >>>> >>>> file exists i checked with test, but fatload failed, after >reverting the Patches same command works >>> >>> Hmm, ok. With your configuration, I thought >'gd->bd->bi_dram[0].start' >>> and 'gd->bd->bi_dram[0].size' should be populated and correctly >describe >>> your DRAM. >>> >>> Could you try adding this printf code to the function >>> 'lmb_init_and_reserve': >>> >>> printf("lmb_init: base: 0x%x, size: 0x%x\n", base, size); >>> >>> and check if this correctly describes your memory? >>> >>> Thanks, >>> Simon >>> >>>> >>>> regards Frank >>>> >>>>> Gesendet: Samstag, 01. Dezember 2018 um 10:46 Uhr >>>>> Von: "Frank Wunderlich" <[email protected]> >>>>> An: "Simon Goldschmidt" <[email protected]> >>>>> Cc: [email protected] >>>>> Betreff: Re: [U-Boot] [PATCH v4 0/7] Fix CVE-2018-18440 and >CVE-2018-18439 >>>>> >>>>> Hi Simon >>>>> >>>>> #define CONFIG_SYS_SDRAM_BASE 0x80000000 >>>>> >>>>> >https://github.com/frank-w/u-boot/blob/a6d0c3f8e992a2e428f05443647fe9f5b13f8634/include/configs/mt7623.h#L47 >>>>> >>>>> CONFIG_ARM=y >>>>> CONFIG_NR_DRAM_BANKS=1 >>>>> >https://github.com/frank-w/u-boot/blob/a6d0c3f8e992a2e428f05443647fe9f5b13f8634/configs/mt7623n_bpir2_defconfig#L7 >>>>> >>>>> i applied the patch-series on top of my 2018-11 final (currently >removed from github) >>>>> >>>>> https://github.com/frank-w/u-boot/tree/bpi-r2_v5 >>>>> >>>>> tried ${scriptaddr}=0x83000000 >>>>> >>>>> here the fatload-command: >>>>> >>>>> >https://github.com/frank-w/u-boot/blob/60bc4075c7744e36058fcba76cd6e6c3a4002265/uEnv.txt#L22 >>>>> >>>>> working before, 0x81000000 and some higher values >>>>> >>>>> HTH >>>>> >>>>> regards Frank >>>>> >>>>>> Gesendet: Samstag, 01. Dezember 2018 um 10:25 Uhr >>>>>> Von: "Simon Goldschmidt" <[email protected]> >>>>>> An: "Frank Wunderlich" <[email protected]> >>>>>> Cc: "U-Boot Mailing List" <[email protected]> >>>>>> Betreff: Re: [U-Boot] [PATCH v4 0/7] Fix CVE-2018-18440 and >CVE-2018-18439 >>>>>> >>>>>> On Fri, Nov 30, 2018 at 6:51 PM Frank Wunderlich >>>>>> <[email protected]> wrote: >>>>>>> >>>>>>> Hi Simon, >>>>>>> >>>>>>> after applying these Patch-series i cannot load to any address >(fatload). Do i need any additional Patch ("fdt: parse >"reserved-memory" for memory reservation" sounds like that). Maybe >there should be a fallback if no reservation is defined. >>>>>> >>>>>> No, you should not need additional patches. The code makes use of >>>>>> "lmb" memory allocation just like the "bootm" code does. The >"memory >>>>>> reservation" patch you cited only ensures that memory which is >marked >>>>>> as reserved in the fdt cannot be overwritten by load. >>>>>> >>>>>> If it doesn't work for you at all, the available memory is >probably >>>>>> not described correctly. Could you check the values of the >following >>>>>> defines (or if they are defined at all): >>>>>> - CONFIG_SYS_SDRAM_BASE >>>>>> - CONFIG_ARM >>>>>> - CONFIG_NR_DRAM_BANKS >>>>>> >>>>>> I might need to improve the DRAM detection code in v5 (which is >still >>>>>> pending as I am working on lmb tests). >>>>>> >>>>>> Regards, >>>>>> Simon >>>>>> >>>>>>> >>>>>>> regards Frank >>>>>>> >>>>>>>> Gesendet: Samstag, 24. November 2018 um 15:11 Uhr >>>>>>>> Von: "Simon Goldschmidt" <[email protected]> >>>>>>>> An: "Tom Rini" <[email protected]>, [email protected], "Joe >Hershberger" <[email protected]> >>>>>>>> Cc: "Alexey Brodkin" <[email protected]>, "Heinrich >Schuchardt" <[email protected]>, "Michal Simek" ><[email protected]>, "Alexander Graf" <[email protected]>, "Andrea >Barisani" <[email protected]> >>>>>>>> Betreff: [U-Boot] [PATCH v4 0/7] Fix CVE-2018-18440 and >CVE-2018-18439 >>>>>>>> >>>>>>>> This series fixes CVE-2018-18440 ("insufficient boundary checks >in >>>>>>>> filesystem image load") by adding restrictions to the 'load' >>>>>>>> command and fixes CVE-2018-18439 ("insufficient boundary checks >in >>>>>>>> network image boot") by adding restrictions to the tftp code. >>>>>>>> The functions from lmb.c are used to setup regions of allowed >and >>>>>>>> reserved memory. Then, the file size to load is checked against >these >>>>>>>> addresses and loading the file is aborted if it would overwrite >>>>>>>> reserved memory. >>>>>>>> >>>>>>>> The memory reservation code is reused from bootm/image. >>>>>>>> >>>>>>>> Changes in v4: >>>>>>>> - fixed invalid 'if' statement without braces in >boot_fdt_reserve_region >>>>>>>> - removed patch 7 ("net: remove CONFIG_MCAST_TFTP), adapted >patch 8 >>>>>>>> >>>>>>>> Changes in v3: >>>>>>>> - No patch changes, but needed to resend since patman added too >many cc >>>>>>>> addresses that gmail seemed to detect as spam :-( >>>>>>>> >>>>>>>> Changes in v2: >>>>>>>> - added code to reserve devicetree reserved-memory in lmb >>>>>>>> - added tftp fixes (patches 7 and 8) >>>>>>>> - fixed a bug in new function lmb_alloc_addr >>>>>>>> >>>>>>>> Simon Goldschmidt (7): >>>>>>>> lib: lmb: reserving overlapping regions should fail >>>>>>>> fdt: parse "reserved-memory" for memory reservation >>>>>>>> lib: lmb: extend lmb for checks at load time >>>>>>>> fs: prevent overwriting reserved memory >>>>>>>> bootm: use new common function lmb_init_and_reserve >>>>>>>> lmb: remove unused extern declaration >>>>>>>> tftp: prevent overwriting reserved memory >>>>>>>> >>>>>>>> common/bootm.c | 8 ++---- >>>>>>>> common/image-fdt.c | 53 +++++++++++++++++++++++++++++------ >>>>>>>> fs/fs.c | 56 >+++++++++++++++++++++++++++++++++++-- >>>>>>>> include/lmb.h | 7 +++-- >>>>>>>> lib/lmb.c | 69 >++++++++++++++++++++++++++++++++++++++++++++++ >>>>>>>> net/tftp.c | 66 >++++++++++++++++++++++++++++++++++++++------ >>>>>>>> 6 files changed, 231 insertions(+), 28 deletions(-) >>>>>>>> >>>>>>>> -- >>>>>>>> 2.17.1 >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> U-Boot mailing list >>>>>>>> [email protected] >>>>>>>> https://lists.denx.de/listinfo/u-boot >>>>>>>> >>>>>> >>>>> _______________________________________________ >>>>> U-Boot mailing list >>>>> [email protected] >>>>> https://lists.denx.de/listinfo/u-boot >>>>> >>> >>> _______________________________________________ U-Boot mailing list [email protected] https://lists.denx.de/listinfo/u-boot
